角色管理命令用于定义指定用户的角色。
Createrole命令分配角色并指定其优点。指定的角色适用于无涯教程运行命令的数据库。如果在数据库中已存在,则该命令返回重复的角色错误。
语法:
{ createRole: "<new role>", privileges: [ { resource: { <resource> }, actions: [ "<action>", ... ] }, ... ], roles: [ { role: "<role>", db: "<database>" } | "<role>", ... ], authenticationRestrictions: [ { clientSource: ["<IP>" | "<CIDR range>", ...], serverAddress: ["<IP>" | "<CIDR range>", ...] }, ... ], writeConcern: <write concern document> }
命令字段:
字段 | 类型 | 描述 |
---|---|---|
Createrole | 字符串 | Creeatole字段包含新角色的名称。 |
privileges | 数组 | 它包含授予角色的权限。如果您不想指定任何角色,请留空。 |
roles | 数组 | 它包含用于将角色分配给用户的角色数组。 |
authentication Restrictions | 数组 | 身份验证限制字段限制服务器对角色的强制执行。 |
writeConcern | 文档 | 适用于此操作的写疑虑水平。 |
示例:
Creeaterole命令在管理数据库上创建learnfkadmin角色
db.adminCommand({ createRole: "LearnfkAdmin", privileges: [ { resource: { cluster: true }, actions: [ "addShard" ] }, { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] }, { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] }, { resource: { db: "", collection: "" }, actions: [ "find" ] } ], roles: [ { role: "read", db: "admin" } ], writeConcern: { w: "majority" , wtimeout: 5000 } })
mongodb droprople命令删除了用户在无涯教程运行命令的数据库中定义的角色。
语法:
{ dropRole: "<role>", writeConcern: { <write concern> } } Example: This example remove the readPrice role from the products database. use products db.runCommand( { dropRole: "readPrices", writeConcern: { w: "majority" } } )
更新命令更新用户定义的角色。该命令必须在角色数据库上运行。此命令可以完全替换先前的字段值。
语法:
{ updateRole: "<role>", privileges: [ { resource: { <resource> }, actions: [ "<action>", ... ] }, ... ], roles: [ { role: "<role>", db: "<database>" } | "<role>", ... ], authenticationRestrictions: [ { clientSource: ["<IP>" | "<CIDR range>", ...], serverAddress: ["<IP>", ...] }, ... ] writeConcern: <write concern document> }
示例:
db.adminCommand( { updateRole: "myClusterwideAdmin", privileges: [ { resource: { db: "", collection: "" }, actions: [ "find" , "update", "insert", "remove" ] } ], roles: [ { role: "dbAdminAnyDatabase", db: "admin" } ], writeConcern: { w: "majority" } } )
上面的示例更新了管理数据库上的MyClusterWideadmin角色。
这是一个非常重要的命令,用于在数据库中添加一些额外的权限,在该命令用于运行命令。
语法:
{ grantPrivilegesToRole: "<role>", privileges: [ { resource: { <resource> }, actions: [ "<action>", ... ] }, ... ], writeConcern: { <write concern> } }
示例:
use products db.runCommand( { grantPrivilegesToRole: "service", privileges: [ { resource: { db: "products", collection: "" }, actions: [ "find" ] }, { resource: { db: "products", collection: "system.js" }, actions: [ "find" ] } ], writeConcern: { w: "majority" , wtimeout: 5000 } } )
上面的示例为产品数据库中存在的服务角色授予两个附加权限。
祝学习愉快!(内容编辑有误?请选中要编辑内容 -> 右键 -> 修改 -> 提交!)